diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java b/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java index 96f6afda8..fef7fef82 100644 --- a/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java +++ b/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java @@ -22,6 +22,7 @@ import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerableSoftware; import org.dependencytrack.persistence.jdbi.mapping.ExternalReferenceMapper; +import org.dependencytrack.persistence.jdbi.mapping.OrganizationalContactMapper; import org.dependencytrack.persistence.jdbi.mapping.VulnerabilityRowMapper; import org.dependencytrack.persistence.jdbi.mapping.VulnerableSoftwareRowMapper; import org.jdbi.v3.sqlobject.config.RegisterColumnMapper; @@ -396,6 +397,7 @@ SELECT DISTINCT ON ("V"."ID") and "C"."PROJECT_ID" = :projectId """) @RegisterFieldMapper(Component.class) + @RegisterColumnMapper(OrganizationalContactMapper.class) @RegisterColumnMapper(ExternalReferenceMapper.class) List getVulnerableComponents(@Bind long projectId, @Bind List vulnerabilityIds); diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java new file mode 100644 index 000000000..1ceb50a23 --- /dev/null +++ b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java 
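Review bot: Registering `OrganizationalContactMapper` only on `getVulnerableComponents` in VulnerabilityDao covers this one query; any other SQL-object method that field-maps `Component` and selects its authors would presumably still have no mapper for that field. If such methods exist (none are visible in this diff), consider registering the mapper once where the Jdbi instance is configured. Otherwise a comment above the annotation would help, such as `// authors is stored as JSON; required whenever Component is field-mapped with its authors`. The query text and the rest of the interface lie outside the hunk, so whether the authors column is actually selected here cannot be confirmed from the page.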
@@ -0,0 +1,36 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence.jdbi.mapping;
+
+import org.dependencytrack.model.OrganizationalContact;
+import org.dependencytrack.persistence.converter.OrganizationalContactsJsonConverter;
+import org.jdbi.v3.core.mapper.ColumnMapper;
+import org.jdbi.v3.core.statement.StatementContext;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.List;
+
+public class OrganizationalContactMapper implements ColumnMapper> {
+
+ @Override
+ public List map(ResultSet r, int columnNumber, StatementContext ctx) throws SQLException {
+ return new OrganizationalContactsJsonConverter().convertToAttribute(r.getString(columnNumber));
+ }
+}
diff --git a/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java b/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
index 67c98aadc..542096c82 100644
--- a/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
+++ b/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
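Review bot: `OrganizationalContactMapper.map` passes `r.getString(columnNumber)` straight into `convertToAttribute`, so a SQL NULL or malformed JSON in the authors column is handled entirely by the converter, whose source is not in this diff. It is worth confirming that the converter returns null or an empty list rather than throwing, because a single bad row would otherwise fail the whole `getVulnerableComponents` call. The method also builds a new `OrganizationalContactsJsonConverter` for every value; if the converter is stateless, a shared `private static final OrganizationalContactsJsonConverter CONVERTER = new OrganizationalContactsJsonConverter();` avoids that per-row allocation. A short class Javadoc stating that the column holds a JSON array of contacts and what is returned for NULL would document the contract.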
@@ -24,6 +24,7 @@ import org.dependencytrack.model.Component; import org.dependencytrack.model.Epss; import org.dependencytrack.model.ExternalReference; +import org.dependencytrack.model.OrganizationalContact; import org.dependencytrack.model.Project; import org.dependencytrack.model.Severity; import org.dependencytrack.model.Vulnerability; @@ -709,6 +710,10 @@ public void setupData() { extRef.setType(org.cyclonedx.model.ExternalReference.Type.WEBSITE); extRef.setUrl("www.test.com"); component.addExternalReference(extRef); + var author = new OrganizationalContact(); + author.setName("author"); + component.setAuthors(List.of(author)); + component.setVulnerabilities(List.of(vulnA, vulnB)); Component component2 = new Component();
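Review bot: The second hunk gives the fixture component in `setupData()` an author, but no assertion on the mapped authors appears in this diff. As written, the test would catch the regression only if the mapping throws, not if authors come back null or empty. Consider adding a check in the test that reads the vulnerable components, along the lines of `assertEquals("author", component.getAuthors().get(0).getName());`, adapted to the assertion style the test class already uses. `setupData()` starts and ends outside the hunk, so an existing assertion elsewhere in the file cannot be ruled out.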